njrat | 9932a9c3c258842f413e5866e866cf504affb707fbb37fcf02506c54e40f1f21 | Triage

Sharing

General

Target

NJ en lo que regresa.vbs
Size

484KB
Sample

220106-n2a8jsbbh8
MD5

cfe8083b99457520d371e972f4d340a9
SHA1

e11e37e2b04513bc50632265e4b81b24209ddd04
SHA256

9932a9c3c258842f413e5866e866cf504affb707fbb37fcf02506c54e40f1f21
SHA512

021c64c5762b6a75ee9fcabbe33656c49a259f427e94f754e53c31b20a5f2033ec925b114558cdd7ed34477e471a0850eafd8c046dee2961e47a236c2bbd6a64

Score

10^/10

njrat nyan cat trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://149.56.200.165/dll/3.txt

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

venomsi.mypsx.net:81

Mutex

4c6c9a1bbdc34e6ebe

Attributes

reg_key
4c6c9a1bbdc34e6ebe
splitter
@!#&^%$

Targets

- Target
  
  NJ en lo que regresa.vbs
- Size
  
  484KB
- MD5
  
  cfe8083b99457520d371e972f4d340a9
- SHA1
  
  e11e37e2b04513bc50632265e4b81b24209ddd04
- SHA256
  
  9932a9c3c258842f413e5866e866cf504affb707fbb37fcf02506c54e40f1f21
- SHA512
  
  021c64c5762b6a75ee9fcabbe33656c49a259f427e94f754e53c31b20a5f2033ec925b114558cdd7ed34477e471a0850eafd8c046dee2961e47a236c2bbd6a64
Score

10^/10

njrat nyan cat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratnyan cattrojan